Initialize for libsepol
This commit is contained in:
commit
5704167428
5 changed files with 335 additions and 0 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
libsepol-3.1.tar.gz
|
1
.libsepol.metadata
Normal file
1
.libsepol.metadata
Normal file
|
@ -0,0 +1 @@
|
|||
4346745f7dba991a82b64d2f3615d0398e8e5aa98d15740f0ee920819caf507f libsepol-3.1.tar.gz
|
1
baselibs.conf
Normal file
1
baselibs.conf
Normal file
|
@ -0,0 +1 @@
|
|||
libsepol1
|
221
libsepol.changes
Normal file
221
libsepol.changes
Normal file
|
@ -0,0 +1,221 @@
|
|||
* Tue Jul 14 2020 jsegitz@suse.com
|
||||
- Update to version 3.1
|
||||
* Add support for new polcap genfs_seclabel_symlinks
|
||||
* Initialize the multiple_decls field of the cil db
|
||||
* Return error when identifier declared as both type and attribute
|
||||
* Write CIL default MLS rules on separate lines
|
||||
* Sort portcon rules consistently
|
||||
* Remove leftovers of cil_mem_error_handler
|
||||
* Drop remove_cil_mem_error_handler.patch, is included
|
||||
* Mon Apr 27 2020 mliska@suse.cz
|
||||
- Enable -fcommon in order to fix boo#1160874.
|
||||
* Tue Mar 3 2020 jsegitz@suse.de
|
||||
- Update to version 3.0
|
||||
* cil: Allow validatetrans rules to be resolved
|
||||
* cil: Report disabling an optional block only at high verbose levels
|
||||
* cil: do not dereference perm_value_to_cil when it has not been allocated
|
||||
* cil: fix mlsconstrain segfault
|
||||
* Further improve binary policy optimization
|
||||
* Make an unknown permission an error in CIL
|
||||
* Remove cil_mem_error_handler() function pointer
|
||||
* Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
|
||||
* Add a function to optimize kernel policy
|
||||
* Add ebitmap_for_each_set_bit macro
|
||||
Dropped fnocommon.patch as it's included upstream
|
||||
* Thu Jan 30 2020 jsegitz@suse.de
|
||||
- Add fnocommon.patch to prevent build failures on gcc10 and
|
||||
remove_cil_mem_error_handler.patch to prevent build failures due to
|
||||
leftovers from the removal of cil_mem_error_handler (bsc#1160874)
|
||||
* Thu Jun 20 2019 mliska@suse.cz
|
||||
- Disable LTO due to symbol versioning (boo#1138813).
|
||||
* Wed Mar 20 2019 jsegitz@suse.com
|
||||
- Update to version 2.9
|
||||
* Add two new Xen initial SIDs
|
||||
* Check that initial sid indexes are within the valid range
|
||||
* Create policydb_sort_ocontexts()
|
||||
* Eliminate initial sid string definitions in module_to_cil.c
|
||||
* Rename kernel_to_common.c stack functions
|
||||
* add missing ibendport port validity check
|
||||
* destroy the copied va_list
|
||||
* do not call malloc with 0 byte
|
||||
* do not leak memory if list_prepend fails
|
||||
* do not use uninitialized value for low_value
|
||||
* fix endianity in ibpkey range checks
|
||||
* ibpkeys.c: fix printf format string specifiers for subnet_prefix
|
||||
* mark permissive types when loading a binary policy
|
||||
* Thu Nov 8 2018 jengelh@inai.de
|
||||
- Use more %%make_install.
|
||||
* Thu Nov 8 2018 jsegitz@suse.com
|
||||
- Adjusted source urls (bsc#1115052)
|
||||
* Wed Oct 17 2018 jsegitz@suse.com
|
||||
- Update to version 2.8 (bsc#1111732)
|
||||
For changes please see
|
||||
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
|
||||
* Wed May 16 2018 mcepl@suse.com
|
||||
- Rebase to 2.7
|
||||
For changes please see
|
||||
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
|
||||
* Fri Nov 24 2017 jsegitz@suse.com
|
||||
- Update to version 2.6. Notable changes:
|
||||
* Add support for converting extended permissions to CIL
|
||||
* Create user and role caches when building binary policy
|
||||
* Check for too many permissions in classes and commons in CIL
|
||||
* Fix xperm mapping between avrule and avtab
|
||||
* Produce more meaningful error messages for conflicting type rules in CIL
|
||||
* Change which attributes CIL keeps in the binary policy
|
||||
* Warn instead of fail if permission is not resolved
|
||||
* Ignore object_r when adding userrole mappings to policydb
|
||||
* Correctly detect unknown classes in sepol_string_to_security_class
|
||||
* Fix neverallowxperm checking on attributes
|
||||
* Only apply bounds checking to source types in rules
|
||||
* Fix CIL and not add an attribute as a type in the attr_type_map
|
||||
* Fix extended permissions neverallow checking
|
||||
* Fix CIL neverallow and bounds checking
|
||||
* Add support for portcon dccp protocol
|
||||
* Fri Jul 15 2016 jengelh@inai.de
|
||||
- Update RPM groups, trim description and combine filelist entries.
|
||||
* Thu Jul 14 2016 mpluskal@suse.com
|
||||
- Cleanup spec file with spec-cleaner
|
||||
- Make spec file a bit more easy
|
||||
- Ship new supbackage (-tools)
|
||||
* Thu Jul 14 2016 jsegitz@novell.com
|
||||
- Without bug number no submit to SLE 12 SP2 is possible, so to make
|
||||
sle-changelog-checker happy: bsc#988977
|
||||
* Thu Jul 14 2016 jsegitz@novell.com
|
||||
- Adjusted source link
|
||||
* Tue Jul 5 2016 i@marguerite.su
|
||||
- update version 2.5
|
||||
* Fix unused variable annotations
|
||||
* Fix uninitialized variable in CIL
|
||||
* Validate extended avrules and permissionxs in CIL
|
||||
* Add support in CIL for neverallowx
|
||||
* Fully expand neverallowxperm rules
|
||||
* Add support for unordered classes to CIL
|
||||
* Add neverallow support for ioctl extended permissions
|
||||
* Improve CIL block and macro call recursion detection
|
||||
* Fix CIL uninitialized false positive in cil_binary
|
||||
* Provide error in CIL if classperms are empty
|
||||
* Add userattribute{set} functionality to CIL
|
||||
* fix CIL blockinherit copying segfault and add macro restrictions
|
||||
* fix CIL NULL pointer dereference when copying classpermission/set
|
||||
* Add CIL support for ioctl whitelists
|
||||
* Fix memory leak when destroying avtab
|
||||
* Replace sscanf in module_to_cil
|
||||
* Improve CIL resolution error messages
|
||||
* Fix policydb_read for policy versions < 24
|
||||
* Added CIL bounds checking and refactored CIL Neverallow checking
|
||||
* Refactored libsepol Neverallow and bounds (hierarchy) checking
|
||||
* Treat types like an attribute in the attr_type_map
|
||||
* Add new ebitmap function named ebitmap_match_any()
|
||||
* switch operations to extended perms
|
||||
* Write auditadm_r and secadm_r roles to base module when writing CIL
|
||||
* Fix module to CIL to only associate declared roleattributes with in-scope types
|
||||
* Don't allow categories/sensitivities inside blocks in CIL
|
||||
* Replace fmemopen() with internal function in libsepol
|
||||
* Verify users prior to evaluating users in cil
|
||||
* Binary modules do not support ioctl rules
|
||||
* Add support for ioctl command whitelisting
|
||||
* Don't use symbol versioning for static object files
|
||||
* Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(),
|
||||
and sepol_ppfile_to_module_package()
|
||||
* Move secilc out of libsepol
|
||||
* fix building Xen policy with devicetreecon, and add devicetreecon
|
||||
CIL documentation
|
||||
* bool_copy_callback set state on creation
|
||||
* Add device tree ocontext nodes to Xen policy
|
||||
* Widen Xen IOMEM context entries
|
||||
* Fix error path in mls_semantic_level_expand()
|
||||
* Update to latest CIL, includes new name resolution and fixes ordering
|
||||
issues with blockinherit statements, and bug fixes
|
||||
- changes in 2.4
|
||||
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
|
||||
* Fix bugs found by hardened gcc flags
|
||||
* Build CIL into libsepol. libsepol can be built without CIL by setting the
|
||||
DISABLE_CIL flag to 'y'
|
||||
* Add an API function to set target_platform
|
||||
* Report all neverallow violations
|
||||
* Improve check_assertions performance
|
||||
* Allow libsepol C++ static library on device
|
||||
* Fri May 16 2014 vcizek@suse.com
|
||||
- update to 2.3
|
||||
* Improve error message for name-based transition conflicts.
|
||||
* Revert libsepol: filename_trans: use some better sorting to compare and merge.
|
||||
* Report source file and line information for neverallow failures.
|
||||
* Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
|
||||
* Add sepol_validate_transition_reason_buffer function from Richard Haines.
|
||||
- dropped libsepol-2.1.4-role_fix_callback.patch (upstream)
|
||||
* Thu Oct 31 2013 p.drouand@gmail.com
|
||||
- Update to version 2.2
|
||||
* Allow constraint denial cause to be determined
|
||||
- Add kernel policy version 29.
|
||||
- Add modular policy version 17.
|
||||
- Add sepol_compute_av_reason_buffer(), sepol_string_to_security
|
||||
_class(), sepol_string_to_av_perm().
|
||||
* Support overriding Makefile RANLIB
|
||||
* Fix man pages
|
||||
- Remove libsepol-rhat.patch; merged on upstream
|
||||
* Thu Jun 27 2013 vcizek@suse.com
|
||||
- change the source url to the official 2.1.9 release tarball
|
||||
* Sat Jun 22 2013 crrodriguez@opensuse.org
|
||||
- Build with LFS_CFLAGS for 32 bit archs
|
||||
* Fri Apr 5 2013 vcizek@suse.com
|
||||
- remove a debugging artifact in spec
|
||||
* Thu Apr 4 2013 vcizek@suse.com
|
||||
- fixed source url
|
||||
* Wed Feb 13 2013 vcizek@suse.com
|
||||
- update to 2.1.9
|
||||
* filename_trans: use some better sorting to compare and merge
|
||||
* coverity fixes
|
||||
* implement default type policy syntax
|
||||
* Fix memory leak issues found by Klocwork
|
||||
- added libsepol-rhat.patch
|
||||
* Mon Jan 7 2013 jengelh@inai.de
|
||||
- Remove obsolete defines/sections
|
||||
* Mon Dec 10 2012 p.drouand@gmail.com
|
||||
- Update to 2.1.8 version:
|
||||
* fix neverallow checking on attributes
|
||||
* Move context_copy() after switch block in ocontext_copy_*().
|
||||
* check for missing initial SID labeling statement.
|
||||
* Add always_check_network policy capability
|
||||
* role_fix_callback skips out-of-scope roles during expansion.
|
||||
* Thu Oct 25 2012 vcizek@suse.com
|
||||
- skip roles which are out of scope when expanding attributes
|
||||
- needed for building selinux-policy
|
||||
* Wed Jul 25 2012 meissner@suse.com
|
||||
- updated to 2.1.4
|
||||
- lots of updates
|
||||
* Wed Oct 5 2011 uli@suse.com
|
||||
- cross-build fix: use %%__cc macro
|
||||
* Mon Jun 28 2010 jengelh@medozas.de
|
||||
- use %%_smp_mflags
|
||||
* Sat Apr 24 2010 coolo@novell.com
|
||||
- buildrequire pkg-config to fix provides
|
||||
* Thu Feb 25 2010 prusnak@suse.cz
|
||||
- updated to 2.0.41
|
||||
* changes too numerous to list
|
||||
* Sun Dec 13 2009 jengelh@medozas.de
|
||||
- add baselibs.conf as a source
|
||||
* Wed Nov 11 2009 crrodriguez@opensuse.org
|
||||
- libsepol-devel Requires glibc-devel
|
||||
* Fri Jun 19 2009 prusnak@suse.cz
|
||||
- put static library in libsepol-devel-static
|
||||
* Wed May 27 2009 prusnak@suse.cz
|
||||
- updated to 2.0.36
|
||||
* fix alias field in module format, caused by boundary format
|
||||
change from Caleb Case
|
||||
* fix boolean state smashing from Joshua Brindle
|
||||
* Mon Dec 1 2008 prusnak@suse.cz
|
||||
- updated to 2.0.34
|
||||
* add bounds support
|
||||
* fix invalid aliases bug
|
||||
* Wed Oct 22 2008 mrueckert@suse.de
|
||||
- fix debug_packages_requires define
|
||||
* Tue Sep 23 2008 prusnak@suse.cz
|
||||
- require only version, not release [bnc#429053]
|
||||
* Fri Aug 22 2008 prusnak@suse.cz
|
||||
- added baselibs.conf file
|
||||
* Fri Aug 1 2008 ro@suse.de
|
||||
- fix requires for debuginfo package
|
||||
* Tue Jul 15 2008 prusnak@suse.cz
|
||||
- initial version 2.0.32
|
||||
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>
|
111
libsepol.spec
Normal file
111
libsepol.spec
Normal file
|
@ -0,0 +1,111 @@
|
|||
#
|
||||
# spec file for package libsepol
|
||||
#
|
||||
# Copyright (c) 2022-2023 ZhuningOS
|
||||
#
|
||||
|
||||
|
||||
Name: libsepol
|
||||
Version: 3.1
|
||||
Release: 150400.1.70
|
||||
Summary: SELinux binary policy manipulation library
|
||||
License: LGPL-2.1-or-later
|
||||
Group: Development/Libraries/C and C++
|
||||
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz
|
||||
Source2: baselibs.conf
|
||||
BuildRequires: flex
|
||||
BuildRequires: pkgconfig
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
libsepol provides an API for the manipulation of SELinux binary
|
||||
policies. It is used by checkpolicy (the policy compiler) and similar
|
||||
tools, as well as by programs like load_policy that need to perform
|
||||
specific transformations on binary policies such as customizing
|
||||
policy boolean settings.
|
||||
|
||||
%package utils
|
||||
Summary: SELinux binary policy manipulation tools
|
||||
Group: System/Base
|
||||
|
||||
%description utils
|
||||
libsepol provides an API for the manipulation of SELinux binary
|
||||
policies. It is used by checkpolicy (the policy compiler) and similar
|
||||
tools, as well as by programs like load_policy that need to perform
|
||||
specific transformations on binary policies such as customizing
|
||||
policy boolean settings.
|
||||
|
||||
%package -n libsepol1
|
||||
Summary: SELinux binary policy manipulation library
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n libsepol1
|
||||
libsepol provides an API for the manipulation of SELinux binary
|
||||
policies. It is used by checkpolicy (the policy compiler) and similar
|
||||
tools, as well as by programs like load_policy that need to perform
|
||||
specific transformations on binary policies such as customizing
|
||||
policy boolean settings.
|
||||
|
||||
(Security-enhanced Linux is a feature of the kernel and some
|
||||
utilities that implement mandatory access control policies, such as
|
||||
Type Enforcement, Role-based Access Control and Multi-Level
|
||||
Security.)
|
||||
|
||||
%package devel
|
||||
Summary: Development files for SELinux's binary policy manipulation library
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: glibc-devel
|
||||
Requires: libsepol1 = %{version}
|
||||
|
||||
%description devel
|
||||
The libsepol-devel package contains the libraries and header files
|
||||
needed for developing applications that manipulate binary SELinux
|
||||
policies.
|
||||
|
||||
%package devel-static
|
||||
Summary: Static archives for SELinux's binary policy manipulation library
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libsepol-devel = %{version}
|
||||
|
||||
%description devel-static
|
||||
The libsepol-devel-static package contains the static libraries
|
||||
needed for developing applications that manipulate binary SELinux
|
||||
policies.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
%define _lto_cflags %{nil}
|
||||
export CFLAGS="%{optflags} -fcommon"
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%make_install LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}"
|
||||
|
||||
%post -n libsepol1 -p /sbin/ldconfig
|
||||
%postun -n libsepol1 -p /sbin/ldconfig
|
||||
|
||||
%files utils
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/chkcon
|
||||
%{_mandir}/man8/*.8%{ext_man}
|
||||
%{_mandir}/ru/man8/*.8%{ext_man}
|
||||
|
||||
%files -n libsepol1
|
||||
%defattr(-,root,root)
|
||||
/%{_lib}/libsepol.so.*
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libsepol.so
|
||||
%{_mandir}/man3/*.3%{ext_man}
|
||||
%{_includedir}/sepol/
|
||||
%{_libdir}/pkgconfig/libsepol.pc
|
||||
|
||||
%files devel-static
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libsepol.a
|
||||
|
||||
%changelog
|
Loading…
Add table
Reference in a new issue